Application Developer

The application developer can implement message security, but is not
responsible for doing so. Message security can be set up by the System Administrator
so that all web services are secured, or set up by the Application Deployer
when the Application Server provider configuration is insufficient.

The application developer is responsible for the following:

Determining if an application-specific policy is necessary
for an application. If so, ensure that policy is satisfied at application
assembly, or communicate the requirement for application-specific message
security to the Application Deployer, or take care of implementing the application-specific
policy.

Determining if message security is necessary at the Application Server level.
If so, ensure that need is communicated to the System Administrator, or take
care of implementing message security at the Application-Server level.